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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

• Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

• If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

• Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)^ Responsive to communication(s) filed on 20 June 2005 . 
2a)K This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-16 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-16 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 19 December 2001 is/are: a)S accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1 ) □ Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Drafts person's Patent Drawing Review (PTO-948) F a P er No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5 ) d Notice of Informal Patent Application (PTO-152) 

Paper No(s)/Mail Date . 6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 7-05) 



Office Action Summary 



Part of Paper No./Mail Date 09302005 



F Application/Control Number: 10/027,622 Page 2 

Art Unit: 2133 

DETAILED ACTION 

Response to Amendment 
Applicant's amendments with respect to amended claims 1 & 8 and previously presented 
claims 2-7 & 9-16 filed 6/20/2005 have been fully considered, however the Affidavit relied upon 
to disqualify Burn, US Pub. No. 2003/0005291 (herein after "Burn") as prior art is ineffective as 
explained further below. The Examiner would like to point out that this action is made final (See 
MPEP 706.07a). 

The affidavit filed on 6/20/2005 under 37 CFR 1.131 has been considered but is 
ineffective to overcome the Burn reference. 
MPEP Section 715.04 states that: 

The following parties may make an affidavit or declaration under 37 CFR 1.131: 

(A) All the inventors of the subject matter claimed. 

(B) An affidavit or declaration by less than all named inventors of an application is 
accepted where it is shown that less than all named inventors of an application invented the 
subject matter of the claim or claims under rejection. For example, one of two joint inventors is 
accepted where it is shown that one of the joint inventors is the sole inventor of the claim or 
claims under rejection. 

(C) **> If a petition under 37 CFR 1.47 was granted or the application was accepted 
under 37 CFR 1 .42 or 1 .43, the affidavit or declaration may be signed by the 37 CFR 1 .47 
applicant or the legal representative, where appropriated . 

(D) The assignee or other party in interest when it is not possible to produce the affidavit 
or declaration of the inventor. Ex parte Foster, 1903 CD. 213, 105 O.G. 261 (Comm'r Pat. 1903. 
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In this case, only one inventor, and not the all of the Inventors of the claimed subject 
matter made the affidavit with no explanation as to why the other Inventors did not make one. 
Thus, the affidavit as filed is not effective to overcome the Burn reference and therefore the 
Examiner maintains the previous prior art rejection. This is not meant to be an exhaustive list of 
the Affidavit's deficiencies, thus the Examiner invites the Applicants to review MPEP 715.01- 
715.10 to ensure that the Affidavit filed const hues the key elements in order to overcome the 
prior art. 

Previous Drawing objections with regards to Fig. 2 have been withdrawn due to the 
Specification amendments filed on 6/20/2005. Previous objections to the Specification have also 
been withdrawn. Previous 35 U.S.C. 1 12, second paragraph rejections with regards to claims 1- 
1 6 have been withdrawn as well. 

Claim Rejections - 35 USC §103 

I. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

II. Claims 1-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over Muftic, 
United States Patent No. 5,943,423, and further in view of Burn, United States Publication No. 
2003/0005291. 

As per claim 1 : 
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Muftic teaches a method for assigning certificates/private keys to a token, comprising: 
accessing the token through a token reader connected to a computer system (fog. 3, elements 350 
and 360) by a certificate/private key authority (col. 5, lines 23-47); reading a token ID and a user 
signature certificate from the token (col. 5, lines 33-47 and col. 15, lines 42-50); searching for a 
match for the token ID and the signature certificate in an authoritative database (col. 15, lines 51- 
57; reference to U.S. Patent No. 5745,574); creating a certificate and digitally signing the 
certificate/private key using a signature certificate of the certificate authority (col. 15, lines 58- 
61). Not explicitly disclosed by Muftic is creating the certificate, wherein the certificate is 
wrapped with a public key associated with the token ID; downloading the certificate/private key 
to the token; and decrypting the certificate/private key using a private key stored in the token. 

However, Burn teaches wrapping the certificate with a public key associated with the - 
token ID, as well as downloading the certificate to the token and decrypting it with the private 
key stored in the token. Therefore, it would have been obvious to a person in the art at the time 
the invention was made to modify the method disclosed in Muftic to encrypt the certificate with 
a public key associated with the private key on the token and downloading/decrypting the 
certificate in order to create an association between the user's token and the certification 
authority. This modification would have been obvious because a person having ordinary skill in 
the art, at the time the invention was made, would have been motivated to do so since it is 
suggested by Burn in par. 44. 
As per claim 2: 

Muftic and Burn substantially teach the method recited in claim 1 above. Furthermore, 
Burn discloses the method, wherein the certificate/private key is a plurality of certificates/private 
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keys that at least one certificate/private key is a signature certificate for the user and encryption 
certificate/private key for the user (par. 44). Not explicitly disclosed by Muftic and Burn is the 
method role certificate/private key for the user. However, Burn teaches user distinct certificates 
which also encompass other employee information. Therefore, it would have been obvious to a 
person in the art at the time the invention was made to modify the method disclosed in Muftic to 
use the employee information requested from the user in order to create a user role certificate. 
This modification would have been obvious because a person having ordinary skill in the art, at 
the time the invention was made, would have been motivated to do so since it is suggested by 
Burn in par. 41, lines 1-12. 
As per claim 3: 

Muftic and Burn substantially teach the method recited in claim 2 above. Furthermore, 
Burn teaches the method wherein the wrapping of the certificate with the public key of the token 
encrypts the certificate (par. 44, lines 7-21). 
As per claim 4: 

Muftic and Burn substantially teach the method recited in claim 3 above. Furthermore, 
Burn teaches the method, wherein the token is a smart card (par, 3 1). 
As per claim 5: 

Muftic and Burn substantially teach the method recited in claim 4 above. Furthermore, 
Burn teaches the method wherein the token ID is assigned by a token manufacturer at the time 
the token is created (par. 33 and 35-36) and stored in the authoritative database when assigned to 
a user (par. 44). 
As per claim 6: 
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Muftic and Burn substantially teach the method recited in claim 5 above. Furthermore, 
Burn teaches the method wherein downloading the certificate/private key to the token is done 
through an unsecured communications line (par. 34 and par. 48). 
As per claim 7: 

Muftic and Burn substantially teach the method recited in claim 6 above. Furthermore, 
Burn teaches the method wherein decrypting the certificate/private key using a private key stored 
in the token requires the entry of a pass phrase by a user. Burn teaches the method of having a 
user PIN in order to access the certificate which is what allows access to decrypt messages 
received, the first of which contains the certificate of the server (fig. 5, elements 140 and 150). 
As per claim 8: 

Muftic and Burn substantially teach the method recited in claim 1 above. Furthermore, 
Muftic teaches the method further comprising: authenticating, by the signing of the 
certificate/private key using a signature certificate of the certificate authority, that the 
certificate/private key was issued by the certificate authority (col. 15, lines 57-64). 
As per claims 9-16: 

Muftic and Burn substantially teach the method for carrying out the steps of a computer 
program embodied on a computer readable medium and executable by a computer for assigning 
certificates/private keys to a token, comprising: accessing the token through a token reader 
connected to a computer system by a certificate authority; reading a token ED and a user 
signature certificate from the token; searching for a match for the token ID and the signature 
certificate in an authoritative database; creating a certificate, wherein the certificate is wrapped 
with a public key associated with the token ID and digitally signing the certificate/private key 
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using a signature certificate of the certificate authority; downloading the certificate/private key to 
the token; and decrypting the certificate/private key using a private key stored in the token as 
shown in claim 1. Therefore, claim 9 is rejected based on the fact that it carries out the same 
steps as the method claim as rejected in claim 1. 

Furthermore, Muftic and Burn teach the limitations in each of the dependent claims 10-16 
as applied to the rejected method claims 2-8 above. Therefore, claims 10-16 are rejected based 
on the fact that the program executes the steps identical to the method claims as rejected above. 

^References Cited, Not Used 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

1. U.S. Patent No. 6,003,014 

2. U.S. Patent No. 6,460,138 

3. U.S. Patent No. 5,721,781 

4. U.S. Pub. No. 2002/0026578 

The above references have been cited because they are relevant due to the manner in which the 
invention has been claimed. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1. 136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
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MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1. 136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nadia Khoshnoodi whose telephone number is (571) 272-3825. 
The examiner can normally be reached on M-F: 8:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Albert Decady can be reached on (571) 272-3819. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 




Nadia Khoshnoodi 
Examiner 
Art Unit 2133 
9/30/2005 
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